
The Most Current Linux/Unix Exploits??

1 - The top Linux/UNIX threat continues to be the Internet's most popular DNS server software, BIND (Berkeley Internet Name Domain). Buffer overruns and cache poisoning are common attack vectors…

2 - Next on the list is the generic Linux/UNIX Web server, which includes Apache and other servers…

3 - The third-rated vulnerability is the password (and other authentication methods)…

4 - Fourth are version-control systems, specifically the most popular, Concurrent Versions System (CVS) and Subversion…

5 - Email services are the fifth most common attack vector. Sendmail is still the most widely used mail transport agent (MTA) on Linux/UNIX, and it has a number of vulnerabilities. Qmail, Courier, Exim and Postfix are newer alternatives with their own vulnerabilities…

6 - It should come as no surprise that a remote network management tool poses considerable risks to networks, and SNMP, which is usually enabled by default, comes in as the sixth most commonly exploited weakness…

7 - Multiple vulnerabilities in the OpenSSL encryption tool library make this number seven on the list…

8 - Enterprise NIS and NFS servers that haven't been configured properly are the next biggest threat…

9 - Databases are designed to be accessed, but vulnerabilities can sometimes let remote attackers exploit the open nature of these applications to piggy-back their way into a network…

10 - Kernel vulnerabilities round out the list at the tenth position.

For brevity, I listed only the problems. The article provides some viable solutions to those issues. Click Here:

SANS keeps the list current, so it might be a good idea to bookmark the URL and check it every so often. Additionally, the list for both Win & Linux/Unix can be found Here:

Maybe it's me, but isn't this rather dated in their choices as to what is number 1? BIND hasn't had an exploit in over a year at this point and, really, a quick glance at the list indicates that SNMP has had more problems this year than many of the others. What I did notice in my glance is that many are at least 6 months old.

Too much attention on IE by attackers perhaps? (take the easy route rather than take on a challenge?)

The list makes sense because those are the kinds of things that an externally facing Unix host is likely to be running. You don't see things like LDAP, NIS+, SMC and the like because only a Kamikaze SysAdmin would ever let those kinds of services in the DMZ.

I would agree with MsMittens and suggest in addition that any machines patched up to date are unlikely to be exploitable, save perhaps for poor or negligent configuration... which is usually the real underlying problem with a vulnerable DNS, Sendmail, Apache, etc. server.

For example, when Apache.org was hacked, it was literally due to failure to follow their own sage configuration advice.

-- spurious

Note that the Raq3 and above Linux web servers that are so popular with low-end hosting companies have good security records by comparison, despite running a 2.2 kernel and older versions of about every package... Point is that a well configured system is half the battle!